With major security breaches regularly in the headlines, we wanted to take this opportunity to provide you with some best practices that you can implement in your office.

  • Your CRM system could potentially be a goldmine of sensitive client information, so be sure that system is protected with a robust password that is changed on a regular basis and not shared with other systems. If the CRM offers two-factor authentication, use it
  • If you have the “app” version of a CRM on your mobile phone or tablet, ensure that device is also protected with a password, PIN, or fingerprint-based security. This will also help protect sensitive work-related emails or texts that may be on your phone
  • Speaking of mobile devices, enable the ability to remotely lock or erase your mobile phone should it be lost or stolen. Android devices: check out Google’s “Find My Device.” Apple devices: check out “Find My iPhone.” Or use another third-party option
  • Use a password manager like LastPass to help keep track of the myriad usernames and passwords for various sites, to generate complex and randomized passwords, and to perform a security test of your existing passwords. It sure beats a Word or Excel file stored on your computer, or, worse yet, a series of Post-it notes
  • If you receive emailed instructions from a client to send funds to a third party, confirm the request by calling the client on the phone number you have on file and speaking with him or her directly. That “client” may in fact be a hacker who has gained control of your real client’s email account, or is using an email address strikingly similar — but not identical — to your client’s
  • Email in general is not very secure, but if you must use it to send or receive sensitive information, insist on some form of encryption. Alternatives can include: 1) Password-protecting attachments; 2) Sending a hyperlink to a document sharing site that is only accessible to the recipient and is protected by a password; 3) Using an encryption service that may be provided by your email archiving vendor
  • Don’t use free or public WiFi. It may be convenient, but it’s not secure. Consider using a VPN service or activating the hotspot feature on your mobile phone to tie in to your own private internet connection
  • In addition to using two-factor authentication whenever possible, also consider an authenticator app on your phone like Google Authenticator. It works in conjunction with many sites or apps you may use every day, and creates a continuously expiring series of codes that can be used to verify your login credentials only for the brief period during which you are accessing the site or app of interest
  • In your email system, disable the auto-complete or suggested contact feature that may pop up when typing in the recipient of an email you are about to send. If you are not careful, you could end up sending Mike Jones’ sensitive information to Mike Smith
  • If an email you receive contains a hyperlink, hover your cursor — without clicking — over the sender’s email address and the hyperlink text to ensure both are legitimate. Clicking on a malicious link from even a trusted contact can subject your computer to spyware, viruses, or ransomware

Successful cybersecurity may require a few extra steps and some extra attention, but by working together and taking a few smart steps, we can help protect important data and keep clients’ information as safe and secure as possible.